Owner

Current status

Detailed Description

The usermode/userhelper program is a setuid-root wrapper around a couple of tools, to provide superuser privileges to ordinary users. It’s policy is controlled by text files in /etc.

Most system policy today is controlled by polkit, a well-established, fine-grained, possible network-transparent infrastructure to manage privileged operations by ordinary users. Polkit can be used by privileged process to decide if it should execute privileged operations on behalf of the requesting user. Polkit also provides a setuid-root helper program called pkexec, its callbacks to ask for authorizations are well-integrated into shell and graphical environments.

Benefit to Fedora

centrally managed policy, network-transparency possible

polkit auth can distinguish between multiple sessions: e.g. untrusted user reboot request reboot only allowed when only a single user session runs

intercepting tools in sbin/ with tools in bin/ is considered bad practice; fewer dependencies on $PATH ordering

Scope

document how to convert consolehelper to polkit:

python: put pkexec in the wrapper shell

C tools: re-exec with pkexec in C code

C tools: move original to /usr/lib/<pkg>/<tool>, and wrap /usr/bin/<tool> with a pkexec shell (ugly!)

open tracker bug and file bugs against all individual packages

convert all packages, where it makes sense to use polkit, to pkexec

for the rest, drop usermode and recommend to use pkexec like sudo

How to convert

A fast and easy way to convert a former consolehelper program is the use of pkexec.

This will not export the DISPLAY variable, so we have to add a policy file, although starting a GUI as root is not encouraged.
The important part is: <annotate key="org.freedesktop.policykit.exec.allow_gui">true</annotate>